difficulty medium

#2025.10.30

Adding the IP addr with our strutted.htb subdomain to

sudo nano /etc/hosts

Nmap result

Documents/htb/strutted
-> sudo nmap -Pn -sC -sV -T4 -O 10.10.11.59
[sudo] password for xacce:
Starting Nmap 7.98 ( <https://nmap.org> ) at 2025-10-30 17:36 +0800
Nmap scan report for strutted.htb (10.10.11.59)
Host is up (0.26s latency).
Not shown: 998 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   256 3e:ea:45:4b:c5:d1:6d:6f:e2:d4:d1:3b:0a:3d:a9:4f (ECDSA)
|_  256 64:cc:75:de:4a:e6:a5:b4:73:eb:3f:1b:cf:b4:e3:94 (ED25519)
80/tcp open  http    nginx 1.18.0 (Ubuntu)
|_http-title: Strutted\\xE2\\x84\\xA2 - Instant Image Uploads
|_http-server-header: nginx/1.18.0 (Ubuntu)
Device type: general purpose|router
Running: Linux 4.X|5.X, MikroTik RouterOS 7.X
OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 cpe:/o:mikrotik:routeros:7 cpe:/o:linux:linux_kernel:5.6.3
OS details: Linux 4.15 - 5.19, MikroTik RouterOS 7.2 - 7.5 (Linux 5.6.3)
Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

OS and Service detection performed. Please report any incorrect results at <https://nmap.org/submit/> .
Nmap done: 1 IP address (1 host up) scanned in 22.19 seconds

Upon visiting on the port 80

image.png

There is the download our app button so lets download and see what is this about

image.png

java project hmm let me inspect for a bit.

Upon inspecting little bit its using struts framework with the version of 6.3.0.1

And searched for the vuln found